It appears that the trouble at CVShome is worse than originally thought.
The main site, http://www.cvshome.org, is still down. German online magazine Heise (1) carries a report from Derek Robert Price of the CVS team. In it, Price explains that the cvshome servers were breached and a rootkit was installed before the CVS patches were applied. No further details on the initial breach are available at this time.
The CVS-Bugs mailing list archive (2) carries Price's original posting. In it, he theorises that "...cvshome.org was abused to send the email using a root kit installed prior to the patching of its CVS server for CAN-2004-0396." He advises that "any CVS server running a release of CVS earlier than 1.11.16 or 1.12.8 be taken down immediately and patched."
(1) Heise online magazine http://www.heise.de/security/news/meldung/47645
(2) CVS Bugs http://mail.gnu.org/archive/html/bug-cvs/2004-05/msg00380.html
Mark Cooper mark at mhc-online co uk
May 27th 2004